160 likes | 334 Views
Communication Technology. And hacking. How do we communicate and store information in the modern world? How can our communications and data be interrupted, changed, lost or stolen? How can we protect our communications and data?. Why have hacking contests?.
E N D
Communication Technology And hacking How do we communicate and store information in the modern world? How can our communications and data be interrupted, changed, lost or stolen? How can we protect our communications and data?
Why have hacking contests? • The computer is deep and complex in its function. There's a lot going on beneath the games, music, and internet, but this is something that many do not realize. Though complex, it is comprehensible even down to its lowest levels, and making the effort to understand it is a rewarding enterprise - there is joy in discovery, and there are discoveries to be had from the machine. • In the course of learning to hack, you will also pick up an understanding of basic cryptography and what goes on when you open a file, execute a program, or browse the web, as well as familiarity with some handy tools. Not enough people understand how to protect our important data or how to uncover potentially dangerous information left by others. Computer security is a rapidly growing field.
First, understand how data is stored • Binary code • Pixels of color for images • Notes for sound • ASCII or Unicode for text • HTML for web pages (with CSS and JavaScript, etc.) • Executable code for programs
pictures • EXIF data: • ExifToolVersion Number : 8.34 File Name : photo.JPG Directory : C:/Documents and Settings/user/My Document s/Downloads File Size : 349 kB File Modification Date/Time : 2010:10:19 14:05:39-06:00 File Permissions : rw-rw-rw- File Type : JPEG MIME Type : image/jpeg JFIF Version : 1.01 Exif Byte Order : Big-endian (Motorola, MM) Image Description : Back Camera Make : Apple Camera Model Name : iPhone Orientation : Horizontal (normal) X Resolution : 72 Y Resolution : 72 Resolution Unit : inches Software : 4.0.1 Modify Date : 2010:10:19 14:00:52 Y Cb Cr Positioning : Centered Exposure Time : 1/146 F Number : 2.4 Exposure Program : Program AE ISO : 80 Exif Version : 0221 Date/Time Original : 2010:10:19 14:00:52 Create Date : 2010:10:19 14:00:52 Shutter Speed Value : 1/146 Aperture Value : 2.4 Metering Mode : Average Flash : Off, Did not fire Focal Length : 3.9 mm Subject Area : 1295 967 699 696 Flashpix Version : 0100 Color Space : sRGBExif Image Width : 1296 Exif Image Height : 968 Sensing Method : One-chip color area Exposure Mode : Auto White Balance : Auto Scene Capture Type : Standard Sharpness : Hard GPS Latitude Ref : North GPS Longitude Ref : West GPS Time Stamp : 14:00:46.81 GPS Img Direction Ref : True North GPS Img Direction : 32.52336904 Image Width : 1296 Image Height : 968 Encoding Process : Baseline DCT, Huffman coding Bits Per Sample : 8 Color Components : 3 Y Cb Cr Sub Sampling : YCbCr4:2:0 (2 2) Aperture : 2.4 GPS Latitude : 45 deg 14' 58.20" N GPS Longitude : 121 deg 39' 4.80" W GPS Position : 45 deg 14' 58.20" N, 121 deg 39' 4.80" W Image Size : 1296x968 Shutter Speed : 1/146 Focal Length : 3.9 mm Light Value : 10.0 If you magnify any picture enough you will see the separate dots of color ( pixels) but along with the visible picture is invisible information stores in the same file that tells where, when and with what the picture was taken.
Pictures are also great places to hide data • http://en.wikipedia.org/wiki/Steganography • writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message An example showing how terrorists may send hidden messages. This avatar contains the message "Boss said that we should blow up the bridge at midnight." encrypted with mozaiq using "växjö" as password.
Cryptography • techniques for secure communication in the presence of third parties
Hackers • 2.1 White hat • 2.2 Black hat • 2.3 Grey hat • 2.4 Elite hacker • 2.5 Script kiddie • 2.6 Neophyte • 2.7 Blue hat • 2.8 Hacktivist • 2.9 Nation state • 2.10 Organized criminal gangs • 2.11 Bots There are many different reasons for hacking. Some good, some bad. But you can’t protect a system unless you understand what attacks you need to protect against.
picoCTF 2013 hacking contest • http://www.picoctf.com/learn • April 26th 2013 - May 6th 2013 • Toaster Wars • We recommend that, prior to the competition, each of the following languages is familiar to at least one member of each competing team. • JavaScript and HTML • Python • Reading C. The basics of Java and C are sufficiently similar that anyone in a Java-based computer science course should be fine in picoCTF. • Using the UNIX command line. • There are a lot of great web resources for leaning these languages and more about programming in general. You should google around to find an introductory tutorial that you like! As some starting recommendations: The official Python tutorial is excellent; Codecademy has tutorials for a variety of languages; Khan Academy's CS course is taught in JavaScript; Udacity's CS course is taught in Python; and Coursera and MIT OpenCourseWare have great full-length courses for most languages. • There are also some ongoing wargame exercises which would excellent practice for picoCTF. Many of these get to be quite challenging; don't be discouraged if you find any of these too difficult. • Smash the Stack (online exploitation exercises) • Crackmes.de (reverse engineering challenges) • Netforce.nl (web exploitation and cryptography)
Other resources • hackThisSite.org